POSIX oneshot: refactor code out of main method

The goal here is that the main method should contain only the interesting code for putting the entries in the log. This PR moves code into methods to aid readability:

- initializing the verifier
- initializing the signer
- evaluating the glob

This is a draft while #182 is under discussion as I don't want to create
a merge conflict where it can be avoided.

cmd/posix-oneshot/main.go

@@ -53,86 +53,43 @@ var (
 func main() {
  klog.InitFlags(nil)
  flag.Parse()
-
  ctx := context.Background()
 
- // Read log public key from file or environment variable
- var pubKey string
- var err error
- if len(*pubKeyFile) > 0 {
- pubKey, err = getKeyFile(*pubKeyFile)
- if err != nil {
- klog.Exitf("Unable to get public key: %q", err)
- }
- } else {
- pubKey = os.Getenv("LOG_PUBLIC_KEY")
- if len(pubKey) == 0 {
- klog.Exit("Supply public key file path using --public_key or set LOG_PUBLIC_KEY environment variable")
- }
- }
- // Read log private key from file or environment variable
- var privKey string
- if len(*privKeyFile) > 0 {
- privKey, err = getKeyFile(*privKeyFile)
- if err != nil {
- klog.Exitf("Unable to get private key: %q", err)
- }
- } else {
- privKey = os.Getenv("LOG_PRIVATE_KEY")
- if len(privKey) == 0 {
- klog.Exit("Supply private key file path using --private_key or set LOG_PRIVATE_KEY environment variable")
- }
- }
-
- s, err := note.NewSigner(privKey)
- if err != nil {
- klog.Exitf("Failed to instantiate signer: %q", err)
- }
+ // Gather the info needed for reading/writing checkpoints
+ v := getVerifierOrDie()
+ s := getSignerOrDie()
  origin := s.Name()
 
- writeCP := func(size uint64, root []byte) error {
- cp := &fmtlog.Checkpoint{
- Origin: origin,
- Size: size,
- Hash: root,
- }
- n, err := note.Sign(&note.Note{Text: string(cp.Marshal())}, s)
- if err != nil {
- return err
- }
- return posix.WriteCheckpoint(*storageDir, n)
- }
  if *initialise {
+ // Create the directory structure and write out an empty checkpoint
  if err := os.MkdirAll(*storageDir, dirPerm); err != nil {
  klog.Exitf("Failed to create log directory: %q", err)
  }
- if err := writeCP(0, rfc6962.DefaultHasher.EmptyRoot()); err != nil {
- klog.Exitf("Failed to write empty checkpoint")
+ // TODO(mhutchinson): This empty checkpoint initialization should live in Tessera
+ emptyCP := &fmtlog.Checkpoint{
+ Origin: origin,
+ Size: 0,
+ Hash: rfc6962.DefaultHasher.EmptyRoot(),
+ }
+ n, err := note.Sign(&note.Note{Text: string(emptyCP.Marshal())}, s)
+ if err != nil {
+ klog.Exitf("Failed to sign empty checkpoint: %s", err)
  }
+ if err := posix.WriteCheckpoint(*storageDir, n); err != nil {
+ klog.Exitf("Failed to write empty checkpoint: %s", err)
+ }
+ // TODO(mhutchinson): This should continue if *entries is provided
  os.Exit(0)
  }
 
- toAdd, err := filepath.Glob(*entries)
- if err != nil {
- klog.Exitf("Failed to glob entries %q: %q", *entries, err)
- }
- klog.V(1).Infof("toAdd: %v", toAdd)
- if len(toAdd) == 0 {
- klog.Exit("Sequence must be run with at least one valid entry")
- }
-
- cpRaw, err := posix.ReadCheckpoint(*storageDir)
- if err != nil {
- klog.Exitf("Failed to read log checkpoint: %q", err)
- }
-
- // Check signatures
- v, err := note.NewVerifier(pubKey)
- if err != nil {
- klog.Exitf("Failed to instantiate Verifier: %q", err)
- }
+ filesToAdd := readEntriesOrDie()
 
+ // TODO(mhutchinson): This function should be implemented inside Tessera (it has the verifier now)
  readCP := func() (uint64, []byte, error) {
+ cpRaw, err := posix.ReadCheckpoint(*storageDir)
+ if err != nil {
+ klog.Exitf("Failed to read log checkpoint: %q", err)
+ }
  cp, _, _, err := fmtlog.ParseCheckpoint(cpRaw, origin, v)
  if err != nil {
  return 0, []byte{}, fmt.Errorf("Failed to parse Checkpoint: %q", err)
@@ -153,7 +110,7 @@ func main() {
  }
  entryChan := make(chan entryInfo, 100)
  go func() {
- for _, fp := range toAdd {
+ for _, fp := range filesToAdd {
  b, err := os.ReadFile(fp)
  if err != nil {
  klog.Exitf("Failed to read entry file %q: %q", fp, err)
@@ -164,7 +121,7 @@ func main() {
  }()
 
  numWorkers := 256
- if l := len(toAdd); l < numWorkers {
+ if l := len(filesToAdd); l < numWorkers {
  numWorkers = l
  }
 
@@ -186,10 +143,68 @@ func main() {
  wg.Wait()
 }
 
+// Read log public key from file or environment variable
+func getVerifierOrDie() note.Verifier {
+ var pubKey string
+ var err error
+ if len(*pubKeyFile) > 0 {
+ pubKey, err = getKeyFile(*pubKeyFile)
+ if err != nil {
+ klog.Exitf("Unable to get public key: %q", err)
+ }
+ } else {
+ pubKey = os.Getenv("LOG_PUBLIC_KEY")
+ if len(pubKey) == 0 {
+ klog.Exit("Supply public key file path using --public_key or set LOG_PUBLIC_KEY environment variable")
+ }
+ }
+ // Check signatures
+ v, err := note.NewVerifier(pubKey)
+ if err != nil {
+ klog.Exitf("Failed to instantiate Verifier: %q", err)
+ }
+
+ return v
+}
+
+// Read log private key from file or environment variable
+func getSignerOrDie() note.Signer {
+ var privKey string
+ var err error
+ if len(*privKeyFile) > 0 {
+ privKey, err = getKeyFile(*privKeyFile)
+ if err != nil {
+ klog.Exitf("Unable to get private key: %q", err)
+ }
+ } else {
+ privKey = os.Getenv("LOG_PRIVATE_KEY")
+ if len(privKey) == 0 {
+ klog.Exit("Supply private key file path using --private_key or set LOG_PRIVATE_KEY environment variable")
+ }
+ }
+ s, err := note.NewSigner(privKey)
+ if err != nil {
+ klog.Exitf("Failed to instantiate signer: %q", err)
+ }
+ return s
+}
+
 func getKeyFile(path string) (string, error) {
  k, err := os.ReadFile(path)
  if err != nil {
  return "", fmt.Errorf("failed to read key file: %w", err)
  }
  return string(k), nil
 }
+
+func readEntriesOrDie() []string {
+ toAdd, err := filepath.Glob(*entries)
+ if err != nil {
+ klog.Exitf("Failed to glob entries %q: %q", *entries, err)
+ }
+ klog.V(1).Infof("toAdd: %v", toAdd)
+ if len(toAdd) == 0 {
+ klog.Exit("Sequence must be run with at least one valid entry")
+ }
+ return toAdd
+}